The Equifax breach not only exposed sensitive personal information of 143 million Americans, but it also underscored the huge and largely unaddressed vulnerabilities that make widespread identity theft possible. (AP Photo/Elise Amendola) Elise AmendolaAP

The Equifax breach not only exposed sensitive personal information of 143 million Americans, but it also underscored the huge and largely unaddressed vulnerabilities that make widespread identity theft possible. (AP Photo/Elise Amendola) Elise AmendolaAP

The vulnerability Krebs identified was in a web portal that let the company’s employees in Argentina access credit report disputes for Argentinian consumers, he said.

“It was wide open, protected by perhaps the most easy-to-guess password combination ever: ‘admin/admin,’” Krebs wrote in a blog post detailing exactly how the vulnerability was discovered by Hold Security LLC, a U.S. cybersecurity firm that Krebs advises.

Equifax has already shut down the website in question, according to the BBC.

“We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cybersecurity event that occurred in the United States last week,” an Equifax spokeswoman told the BBC. “We immediately acted to remediate the situation, which affected a limited amount of information strictly related to Equifax employees.”

Krebs said that if anyone had gotten into the easy-to-access portal, he or she would have been able to access thousands of customers’ private data—including Argentinians’ national identification numbers, though unlike U.S. social security numbers, those numbers are not closely guarded, BBC reports.

Still, cybersecurity expert Alan Woodward of the University of Surrey told the BBC that the kind of vulnerability seen in Argentina was “extraordinary.”

“It’s outrageous that any organization that holds such sensitive personal data can build a portal with this kind of basic security vulnerability,” Woodward said. “It simply shouldn’t happen and responding that they have now fixed the issue is not the point: it puts a huge question mark over whether Equifax have been applying the appropriate resources to online security elsewhere.”

Equifax told the BBC that there was no indication any sort of breach of the Argentinian data had happened.

“We have no evidence at this time that any consumers or customers have been negatively affected,” the spokeswoman said. “We will continue to test and improve all security measures in the region.”

Pressure is mounting for a federal investigation into the breach in the U.S.